Kara Sutton
Former Senior Manager, Center for Global Regulatory Cooperation


February 24, 2017


As technology plays an increasing role in our daily lives, policymakers are trying to better understand how to respond to its role as both an economic driver and a disruptor. In many countries, the kneejerk response to our changing technological environment has been to regulate. But more often than not, these policies become barriers that restrict the benefits of the digital economy instead of driving growth.

Many of these regulations have noble aims. But we believe it is possible to achieve these goals without burdensome regulations. Two new reports by the Chamber -- Globally Connected, Locally Delivered and Seeking Solutions: Effective Attributes of DPAs -- detail how the concerns behind these policies can be better addressed. These reports examine:

  1. Data protection policies that aim to protect citizens’ right to privacy
  2. Forced localization policies that aim to safeguard security and privacy
  3. Local content and procurement policies that aim to promote economic growth

The reports find that reducing barriers to cross-border ICT services such as forced localization and local content requirements could boost the world’s GDP by $1.7 trillion. As the U.S. and countries around the world look to boost economic growth, that sort of growth is worth pursuing.

Policies should protect data privacy through engagement over prescriptive approaches

Many countries are redrafting existing data protection laws in order to ensure citizens’ rights to privacy are protected as their use of technology increases. So far, the majority of these new rules have ended up being inadequate and unclear, making it difficult for the regulatory community to comply with the new laws and for consumers to really understand their rights.

Privacy regulations should be streamlined and take a risk-based approach. This is more likely to encourage compliance and foster privacy protections. Privacy regulators in many jurisdictions play a crucial role in ensuring effective data protection regulation and creating a domestic culture that understands data privacy. The best way for privacy regulators to be effective is by treating those they regulate as partners rather than adversaries. Regulators should engage with the regulatory community and focus on promoting education, awareness and transparency. The regulatory community will be able to more easily comply in a privacy regime that is flexible and understandable.

Policies should encourage cross-border data flows over data localization

Data localization requirements pressure foreign companies to hold data locally that would otherwise move between countries. Many jurisdictions are increasingly citing privacy and security concerns as the basis for requiring foreign companies to store their data within national borders. As studies have shown, forcing data to be stored locally does not have any incremental impact on privacy or security.

While localization policies may seem like they makes data “safer” because you know exactly where the data is housed, in reality it is costly and does not increase national security at all. Localization actually makes data more vulnerable?. A national disaster could disconnect users or completely destroy data forever. And localization will not stop data breaches from occurring. Only effective security measures used in storing data can ensure its safety.

Localization policies discourage foreign companies from investing and doing business in country. Further, domestic companies often end up at a disadvantage to competitors around the world due to the burden of localization policies and lack of access to the best available digital goods and services. Policies that enable cross-border data flows allow for increased competition, which helps companies leverage economies of scale, and ultimately lower their cost of doing business and accurately address security and privacy concerns.

Policies should focus on long-term growth over short-term gains

Many countries are also trying to spur economic growth and champion domestic companies by relying on policies that limit data flows, require local content inputs, or limit foreign access to procurement contracts. These policies may very well bring short-term growth, but it won’t be sustained.

For instance, regulations that require the creation of data centers do create a small number of jobs at the center and bring economic development to the surrounding area. However, in the long-run, these centers disrupt supply chains, create inefficiencies in the economy, and slow innovation. Further, domestic consumers lose out because they have less choice and pay higher prices for digital services.

Rather than pursuing quick fix policies that put a short-term solution in place, policymakers should focus on policies that will address local concerns while also allowing for future innovation and growth. Fostering a more open regulatory environment that facilitates cross-border data flows is more likely to result in the development of new jobs and overall growth of the domestic and global economy. According to the Chamber’s commissioned report Globally Connected, Locally Delivered, open markets facilitating the cross-border delivery of ICT services could create up to 23 million jobs in the long-run and contribute $1.7 trillion to global GDP. These gains will not be realized in a global economy that is a patchwork of digital systems and policy.

By implementing growth-oriented policies, businesses of all sectors and sizes will be able to seize the opportunities of the digital economy. Instead of focusing on where to regulate, governments should look to remove existing barriers that are impeding growth. It is important regulation does not slow down the potential of the digital economy. Only a welcoming policy environment can lead to opportunities that create increases in GDP, government revenue, new jobs, and new businesses.

About the authors

Kara Sutton

Kara is former Senior Manager for the Center for Global Regulatory Cooperation.